Australian cloud computing chauvinists are prepping the “#GovDoesn’tGetIt” hashtag after the Australian National Audit Office (ANAO), with a bit of help from the spooks in the Defence Signals Directorate, identified services like Hotmail and Gmail as key vulnerabilities in government information security.
As noted many years ago …

One of our politicians (I think it was one of ours)...

Humph

Back in the day PM&C were convinced their network was "highly protected" when it was only "protected" - "We need access to the HP room", "Why, your boxes are here". "No, they're in there". "Hmm, let's go in the HP room and SSH into your boxes from there".

Britain is as bad

The NHS in the UK has done better than that. They have set up their own webmail system!

It has been officially labelled as secure. Staff are being told to use it to send confidential data from one location to another. They are told that as long as they send to another address on this system, it is secure. Presumably, they have ignored the possibility of anyone reading it from an unsecure computer. Yes, it can be seen on non-NHS computers - public libraries, your own virus-ridden one or apparently ones abroad if you ask them.

Let's have a competition to see who can have the biggest official security hole.

unnecessary title

To be fair it's more secure than using just about any desktop mail client, assuming you allow it to be used on anything other than heavily locked-down, IT-controlled desktops.

In reality it needs to be accessed from many more locations and devices than IT could ever provide support and assure security for, so yeah, webmail is okay. I'd add 2-factor security for unknown / new login locations but that's all (needn't be too onerous, SMS would do).

NHS

The NHS Trust my husband works at has provided an MS Exchange/Outlook webmail service in recent years. This does require interaction with his phone to get a session-specific code by text message - which was better than the previous system.

Unfortunately they allow him to set up forwarding rules from his system to ANY external address. This means that he can and does receive all sorts of confidential material when he switches on his out-of-office reply and forwarding.

Inept staff in the NHS, generally female managers above him, seem to delight in copying as many people as possible on trivial matters - without ever trimming material.

Posting anonymously this week as he is being made redundant from the end of next week.